<?php
	class UsersClass {
		private $db;
		private $xss;
		private $loginName;
		private $loginPasswd;
		private $loginPasswdRepeat;
		private $loginPasswdMD5;
		private $sesid;
		
		function UsersClass() {
			$this->db = DBhandler::getInst();
			$this->xss = new XSSClass();
		}
		
		public function register($loginName, $loginPasswd, $loginPasswdRepeat) {
			$db = $this->db;
			$xss = $this->xss;
			$id = $db->cui();
			
			$this->loginName = $xss->removeXSS($db->rmInject($loginName));
			$this->loginPasswd = $xss->removeXSS($db->rmInject($loginPasswd));
			$this->loginPasswdRepeat = $xss->removeXSS($db->rmInject($loginPasswdRepeat));
			$this->loginPasswdMD5 = md5($this->loginPasswd);
			
			if (!strlen($this->loginName)) {
				return array("result" => false, "message" => "You didn't enter login name!");
			}
			else if (!strlen($this->loginPasswd)) {
				return array("result" => false, "message" => "You didn't enter login password!");
			}
			else if (!strlen($this->loginPasswdRepeat)) {
				return array("result" => false, "message" => "You didn't repeat login password!");
			}
			else if ($this->loginPasswd != $this->loginPasswdRepeat) {
				return array("result" => false, "message" => "Your password and repated password don't match!");
			}
			else if ($this->isRegistered()) {
				return array("result" => false, "message" => "User is registered! Please choose another name.");
			}
			else {
				$sql = "
					insert into
						users
						(id, user_name, user_passwd)
					values
						('$id', '".$this->loginName."', '".$this->loginPasswdMD5."')
				";
				
				$res = $db->query($sql);
				
				if ($res) {
					return array("result" => true, "message" => "Registration successful. You can login");
				}
				else {
					return array("result" => false, "message" => $db->error());
				}
			}
		}
		
		private function isRegistered() {
			$db = $this->db;
			$xss = $this->xss;
			
			$loginName = $this->loginName;
			$sql = "
				select
					user_name as name
				from
					users
				where
					user_name = '$loginName'
			";
			
			$result = $db->query($sql);
			
			if (!$result) {
				return false;
			}
			else {
				$result = $db->get();
				if ($result[0]['name'] == $loginName) {
					return true;
				}
			}
		}
		
		public function login($loginName, $loginPasswd) {
			$db = $this->db;
			$xss = $this->xss;
			
			$this->loginName = $xss->removeXSS($db->rmInject($loginName));
			$this->loginPasswd = $xss->removeXSS($db->rmInject($loginPasswd));
			$this->loginPasswdMD5 = md5($this->loginPasswd);
			
			if (!strlen($this->loginName)) {
				return array("result" => false, "message" => "You didn't enter login name!");
			}
			else if (!strlen($this->loginPasswd)) {
				return array("result" => false, "message" => "You didn't enter login password!");
			}
			else {
				$sql = "select
									user_passwd as passwd,
									user_name as name,
									id
								from
									users
								where
									user_name = '".$this->loginName."'";
				
				$res = $db->query($sql);
				
				if (!$res) {
					return array("result" => false, "message" => $db->error());
				}
				else {
					$res = $db->get();
					
					$dbUserName = $xss->removeXSS($db->rmInject($res[0]['name']));
					$dbPasswd = $xss->removeXSS($db->rmInject($res[0]['passwd']));
					$usrId = $xss->removeXSS($db->rmInject($res[0]['id']));
					
					if (($dbUserName == $this->loginName) && ($dbPasswd == $this->loginPasswdMD5)) {
						session_start();
						session_regenerate_id();
						$sesid = session_id();
						$this->sesid = $sesid;
						$_SESSION['sesid'] = $sesid;
						$_SESSION['loginName'] = $this->loginName;
						$_SESSION['usrId'] = $usrId;
						
						return array("result" => true, "message" => "You're logged. Welcome to system.", "system" => array("sesid" => $sesid));
					}
					else {
						return array("result" => false, "message" => "Login name or password is incorrect!");
					}
				}
			}
		}
		
		public function logout($sesid) {
			$db = $this->db;
			$xss = $this->xss;
			
			$this->sesid = $xss->removeXSS($db->rmInject($sesid));
			
			session_id($this->sesid);
			session_start();
			session_destroy();
			
			return array("result" => true, "message" => "You're logged out.");
		}
		
		public function isLogged($sesid) {
			$db = $this->db;
			$xss = $this->xss;
			
			$this->sesid = $xss->removeXSS($db->rmInject($sesid));
			
			session_id($this->sesid);
			session_start();
			if (isset($_SESSION['sesid'])) {
				if ($_SESSION['sesid'] == $this->sesid) {
					$userName = $_SESSION['loginName'];
					return array("result" => true, "message" => "Is logged in.", "system" => array("userName" => $userName));
				}
				else {
					return array("result" => false, "message" => "Is not logged in.");
				}
			}
			else {
				return array("result" => false, "message" => "Is not logged in.");
			}
		}
	}
?>
